>>> TL;DR: please try the patch out and report if it causes "Did not receive >>> identification string" log messages. I believe it does not. Aw crap. My homegrown anti-dos tool for ssh looks for either DNRIS or if logging is verbose enough a connection that didn't result in a login. I give the attacker a few tries and whitelist any successful candidate so I should be ok, but things are getting a bit riskier. I'm a big fan of happy eyeballs in general so I hope there is some way to allow happy eyeballs and still stop bots from repeatedly knocking on the door wasting cpu time. Simplest would be to never abort the extra happy eyeballs before actually logging in or the normal ssh connection timeout. There may be other ways to accomplish the same thing. -wolfgang _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
